我是一名初學者,正嘗試用Java客戶端操作Active Directory。到目前爲止,我寫了下面的代碼。問題:如何通過Java客戶端在Active Directory中創建新用戶並將其添加到Active Directory中?
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;
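/**
 * Creates a single user entry in Active Directory through JNDI/LDAP.
 *
 * <p>The constructor binds to the directory with the configured administrator
 * account; {@link #addUser()} then creates the entry under
 * {@code cn=<first last>,ou=<organisationUnit>,<DOMAIN_ROOT>}.
 *
 * <p>No password attribute is written, so the entry is created without one.
 * NOTE(review): Active Directory normally leaves such an account disabled until
 * {@code unicodePwd} is set, which has to happen over LDAPS - confirm against
 * the target domain's policy.
 */
public class NewUser {

    private static final String DOMAIN_NAME = "whatever";

    // The entry DN must end in a naming context this server actually hosts. A
    // suffix the server does not hold is answered with a referral (LDAP error
    // code 10 / RefErr). NOTE(review): ADMIN_NAME below uses two DC components
    // while this root uses one - the two should agree with the domain's
    // defaultNamingContext (readable from the server's rootDSE).
    private static final String DOMAIN_ROOT = "dc=xyz"; // ?

    // NOTE(security): a privileged bind DN and its password are compiled into the
    // class. Anyone with the jar or the source can recover them. Load them from
    // protected configuration or a secret store, and bind with a delegated account
    // that may only create users in the target OU rather than the domain
    // Administrator.
    private static final String ADMIN_NAME = "CN=Administrator,CN=Users,DC=xyz,DC=xyz";
    private static final String ADMIN_PASS = "xxxxxxx";

    // NOTE(security): a "simple" bind over ldap:// on port 389 sends ADMIN_PASS in
    // cleartext. Use ldaps:// (with the server certificate trusted by the JVM) or
    // StartTLS before authenticating.
    private static final String DOMAIN_URL = "ldap://xxx.xxx.xx.xx:389";

    private final String userName;
    private final String firstName;
    private final String lastName;
    private final String organisationUnit;

    // Stays null when the bind in the constructor failed; addUser() checks for that.
    // NOTE(review): the context is never closed, so the authenticated connection
    // lives as long as this object - close it once the caller is done.
    private final LdapContext context;

    /**
     * Stores the user's details and opens an authenticated LDAP context.
     *
     * <p>A failed bind is reported on stderr and leaves the object without a
     * connection; {@link #addUser()} then returns {@code false}.
     *
     * @param userName         value for sAMAccountName, uid and the UPN prefix
     * @param firstName        value for givenName and the first part of cn
     * @param lastName         value for sn and the second part of cn
     * @param organisationUnit name of the OU (directly under DOMAIN_ROOT) to create the entry in
     */
    public NewUser(String userName, String firstName, String lastName, String organisationUnit) {
        this.userName = userName;
        this.firstName = firstName;
        this.lastName = lastName;
        this.organisationUnit = organisationUnit;

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, ADMIN_NAME);
        env.put(Context.SECURITY_CREDENTIALS, ADMIN_PASS);
        env.put(Context.PROVIDER_URL, DOMAIN_URL);

        LdapContext opened = null;
        try {
            opened = new InitialLdapContext(env, null);
        } catch (NamingException e) {
            System.err.println("Problem creating object: ");
            e.printStackTrace();
        }
        this.context = opened;
    }

    /**
     * Creates the user entry in the directory.
     *
     * @return {@code true} when the entry was created; {@code false} when there is
     *         no LDAP connection or the directory rejected the request (the cause
     *         is printed to stderr)
     * @throws NamingException declared for callers; directory errors are currently
     *         reported through the return value instead
     */
    public boolean addUser() throws NamingException {
        if (context == null) {
            // Previously this surfaced as a NullPointerException swallowed below.
            System.err.println("No LDAP connection: the bind in the constructor failed");
            return false;
        }

        Attribute objClasses = new BasicAttribute("objectClass");
        objClasses.add("top");
        objClasses.add("person");
        objClasses.add("organizationalPerson");
        objClasses.add("user");

        String cnValue = new StringBuilder(firstName).append(' ').append(lastName).toString();

        Attributes container = new BasicAttributes();
        container.put(objClasses);
        container.put(new BasicAttribute("sAMAccountName", userName));
        container.put(new BasicAttribute("userPrincipalName", userName + "@" + DOMAIN_NAME));
        container.put(new BasicAttribute("cn", cnValue));
        container.put(new BasicAttribute("sn", lastName));
        container.put(new BasicAttribute("givenName", firstName));
        container.put(new BasicAttribute("uid", userName));

        try {
            context.createSubcontext(getUserDN(cnValue, organisationUnit), container);
            return true;
        } catch (NamingException e) {
            // Only directory errors are turned into "false"; programming errors propagate.
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Builds the distinguished name of the new entry.
     *
     * <p>Both values are escaped as RDN values, so DN metacharacters
     * ({@code , = + < > # ; " \}) in a name or OU cannot add RDN components or
     * move the entry to a different container.
     *
     * @param aUsername common name of the entry
     * @param aOU       organisational unit directly under DOMAIN_ROOT
     * @return the full DN string
     */
    private static String getUserDN(String aUsername, String aOU) {
        return "cn=" + Rdn.escapeValue(aUsername)
                + ",ou=" + Rdn.escapeValue(aOU)
                + "," + DOMAIN_ROOT;
    }

    public static void main(String[] args) {
        NewUser user = new NewUser("aaa", "bbb", "ccc", "orgunit");
        try {
            System.out.print(user.addUser());
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}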
所有我需要的是創建和添加一個用戶。
我有以下錯誤:
javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID 031007F3, data 0, 1 access points
ref 1: 'xyz'
]; remaining name 'cn=bbb ccc,ou=orgunit,dc=xyz'
我覺得你的代碼有幾個問題。在Active Directory中,您需要使用「unicodePwd」而非userPassword;設置密碼時,您還必須使用LDAPS。這可能有所幫助:http://ldapwiki.willeke.com/wiki/Set%20Active%20Directory%20Password%20From%20Java – jwilleke 2013-04-30 10:25:14
@jeemster謝謝。那麼讓我們假設我不需要任何密碼。我在我的帖子中編輯了代碼。我仍然有同樣的問題。這個字符串似乎有問題:'cn = bbb ccc,ou = orgunit,abc.xyz.xyz'。它不應該看起來像'cn = bbb ccc,ou = orgunit,SOMETHING_HERE = abc.xyz.xyz'? – ruhungry 2013-04-30 11:11:46
我也改變了DOMAIN_ROOT,現在我得到了以下錯誤:'javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-031007F3, data 0, 1 access points ref 1: 'xyz' ]; remaining name 'cn=bbb ccc,ou=orgunit,dc=xyz''。我要如何向服務器確認我提供的 DC(域組件)是否正確? – ruhungry 2013-04-30 12:04:56